Jump to content

GT500

Emsisoft Employee
  • Content Count

    14249
  • Joined

  • Days Won

    450

Posts posted by GT500

  1. Lets try ComboFix in Safe Mode With Networking one more time. Here's he link to instructions on starting your computer in Safe Mode With Networking. Here's a link to download the latest ComboFix.

    If it works this time, then attach the log to a reply. If not, then restart the computer in Safe Mode (as opposed to Safe Mode With Networking), and hold down the Ctrl key then tap the R key to open the run dialog. Type ComboFix /nombr and then click OK and see if ComboFix works OK that way.

  2. When usining the EAM:

    Some users have reported that after long time using the EAM, the EAM didn't apear in startup (when they turn on or restart the computers). When they tried to use the EAM,
    the setup wizard opend
    and they had to install it again for running the EAM.

    We have not been able to replicate this in our own testing, so our developers are going to need information and logs from computers where this is happening. They will need to see the settings file (C:\Program Files\Emsisoft Anti-Malware\a2settings.ini) and the logs (C:\Program Files\Emsisoft Anti-Malware\Logs\logs.db3) as well as DebugView and Fiddler logs. Instructions for DebugView and Fiddler logs are below. If you do have a chance to collect this information, then please send it to me via a private message rather than posting it publicly on the forums.

    The following instructions assume that you are collecting the information after the System Tray/Notification Area icon has disappeared, and before running the wizard. Please review both sets of instructions before trying them, as they will both need to be done at the same time, and I have not combined the instructions to account for that.

    DebugView Log

    Before running DebugView, a registry entry will need to be created that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file eam_enable_debug_output.zip contains a batch file which, when run with administrative rights, will automatically create that registry entry for you. Please download this file, extract the batch file from it (it will also be named eam_enable_debug_output), and run the batch file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator):

    After that, please restart your computer, and then proceed with the instructions below:

    1. Download DebugView from this link:
    2. When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
    3. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
    4. Open the new DebugView folder that was created on your Desktop after extracting.
    5. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
    6. Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
    7. Please make sure that Fiddler is ready before proceeding (steps 1-6 in the Fiddler log instructions below), as you will need to follow the instructions to set up a proxy in the Emsisoft Anti-Malware Wizard before running through the Wizard.
    8. After geting Fiddler ready and setting up the proxy settings in the Wizard, proceed through the Wizard normally.
    9. After you have finished with the Wizard, and see the Emsisoft Anti-Malware icon back in the System Tray/Notification Area you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop.
    10. You can go ahead and send this log to me in a private message.

    Note: You may need to ZIP the log file in order to attach it to a message. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Sent to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.

    Fiddler Log

    Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below:

    1. After installing Fiddler, please open it from the Start Menu.
    2. Launch the Emsisoft Anti-Malware Wizard from the Emsisoft Anti-Malware icon on the Desktop.
    3. Click on the Connection settings link in the lower-left corner.
    4. Check the box that says Use proxy server.
    5. Enter localhost in the Proxy server field, and then enter 8888 in the port field.
    6. Click 'OK'.
    7. Continue with the Wizard normally.
    8. After completing the Wizard, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop).
    9. Please send the log to me in a private message.

  3. Hello. Please allow me the apologize for the slow response.

    We appreciate your comments, and we will consider them in future updates.

    Here are a few quick responses to some of your questions, in the order they were asked.

    1. Online Armor will automatically drop old entries in the history when the database it is stored in exceeds a certain size.
    2. Our developers will take care of this as soon as they get a chance.
    3. I do not believe that there are currently any plans to change this behavior.

  4. We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your update problem. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.

  5. Did the search tell you what folders the Extras.txt files were in? That certainly seems like a lot of them, and OTL doesn't normally do that.

    Since some weird things are still happening, lets get a log from MBRScan:

    1. Please download MBRScan and save it to your desktop.
    2. Doubleclick on MBRScan.exe and click the Report button..
    3. Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
    4. When the scan is finished, a log file will appear.
    5. Save that log file to your desktop and post its content in your next reply.

  6. Have you added exclusions to Emsisoft Anti-Malware for COMODO Firewall? If not, then here are instructions for adding process exclusions in Emsisoft Anti-Malware:

    1. Open Emsisoft Anti-Malware from the icon on the desktop.
    2. Click Guard in the menu on the left.
    3. Go to the File Guard tab.
    4. In the lower-left corner, just above Alerts, click on the Manage whitelist link.
    5. In the box under Type click the little down arrow and change it from File to Process (you may need to click in the box for the arrow appear).
    6. Click in the white box below Item to make a button with three dots (...) appear, and then click the ... button.
    7. Navigate to the directory where the files you wish to exclude are located, and double-click on one of them to add it.
    8. Repeat the last 3 steps as needed to add each file to the exclusions list.
    9. Click the OK button at the bottom when done, and close Emsisoft Anti-Malware.

    I don't actually know what files you'll need to exclude for COMODO Firewall, however I can help you find out if you use RSIT from this link. RSIT is capable of creating a log that will list all startup items and services, which will give me the information I need to be able to find out what files from COMODO Firewall need to be excluded. All you have to do is save RSIT on your desktop, run it, then click on the button to start the scan (I would believe it is a large button that says 'Continue'). Once it is done, it should present you with a log in Notepad when it is finished. Save that log on your desktop, and attach it to a reply by using the More Reply Options button to access the attachment controls.

  7. The caching is a little more than just skipping over files that are trusted. There are certain checks that are done to verify if a file has changed since it was determined to be safe, and the file will be scanned if there is a possibility that it has been compromised.

    Also, in regards to your Speccy log, one of our researchers determined that it contained your Windows license key, so they immediately deleted the log. If you open Speccy again, there should be an option in the File menu to publish the information to the web (which should not contain any sensitive information) and you should be able to post a link to that information for our developers to see.

    As for Extras.txt, it should be saved on your desktop automatically after the scan. I probably need to review my instructions and make sure that OTL's behavior hasn't changed in regards to how it shows you the logs.

  8. OK, our developers have taken a look at your logs. They did ask if there was a reason why the "advanced caching" was disabled in the scan performance settings, as this technology is used to speed up the scan times. They also wanted log from OTL and Speccy, so here are instructions for those:

    Getting OTL Log:

    1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
    2. Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
    3. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
    4. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
    5. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.

    Getting Speccy Log

    1. Please download Speccy Portable from this link, and save it on your desktop.
    2. Once the download has completed, right-click on the file that you saved on your desktop, and extract the contents (this should create a new folder on your desktop with the Speccy files inside of it).
    3. Open the Speccy folder on your deskop, and run Speccy (if your computer has a 64-bit edition of Windows, then you may wish to run Speccy64 instead).
    4. After Speccy launches, you should see a little circle spinning in the lower-left corner to indicate that it is building a list of the hardware in your computer. Once this spinning circle disappears, please proceed to the next step.
    5. Click on File, and select Save as Text file to save the log.
    6. Please save the log on your desktop, and then attach it to a reply by going to More Reply Options to the lower-right of where you type in your reply to access the attachment controls.

  9. Lets get a fresh OTL log, just to verify that nothing weird has happened since the last one you posted.

    1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
    2. Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
    3. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
    4. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
    5. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.

  10. Yes, if you send me a private message with the new license keys, and the license key you want them merged into, then I can take care of that for you.

    Also, please note that there is an automatic discount when renewing (the amount of the discount is based on how many years you have had a license with us), so be sure to verify that the sale price is lower than your discounted renewal price before you commit to buying the new 3-year license. ;)

  11. ... Why other AVs could update and got license with this Internet connection and the EAM couldn't ???

    That I can't tell you without more information. It is possible that Fiddler logs from the Wizard when it fails might give us an indication of why it is failing. Let me know if you want to try running Fiddler.

×
×
  • Create New...